Two-thousand patients at 125-bed Westerly (R.I.) Hospital had their names, Social Security numbers and medical records posted on a publicly accessible Web site, and the hospital said it doesn't know who did it.
"We don't know why it happened. We don't know how it happened. But we will," hospital President and CEO Charles Kinney told a local newspaper.
The Web site included detailed information about patients' surgical procedures and medical histories, as well as people's home addresses and insurance information.
The hospital said not all of its patients are affected, and the breach likely only extended to patients seen during certain days in January. Westerly Police learned of the problem earlier this week when a woman looked up her phone number on the Internet search engine Google and found a link to the site. Police called the hospital, then the FBI and State Police.
The hospital worked with several Internet companies, including Yahoo, to take the site down, and it was taken offline five hours later, according to the local newspaper. It's not clear how long the site was up or how many people saw the information. The hospital plans to send a letter to every affected patient as soon as possible, Kinney said.